ansible指路篇-安装及基本命令使用

                                            作者:尹正杰

版权声明:原创作品,谢绝转载!否则将追究法律责任。

一.什么是ansible

  ansible是新出现的自动化运维工具,基于Python开发,集合了众多运维工具(puppet、cfengine、chef、func、fabric)的优点,实现了批量系统配置、批量程序部署、批量运行命令等功能。
 ansible是基于模块工作的,本身没有批量部署的能力。真正具有批量部署的是ansible所运行的模块,ansible只是提供一种框架。主要包括:

   >.连接插件connection plugins:负责和被监控端实现通信;

   >.host inventory:指定操作的主机,是一个配置文件里面定义监控的主机;

   >.各种模块核心模块、command模块、自定义模块;

   >.借助于插件完成记录日志邮件等功能;

   >.playbook:剧本执行多个任务时,非必需可以让节点一次性运行多个任务。
 
二.准备环境
  我们本次试验需要4台主机,1台web服务器,2台数据库服务器,1台发送指令的服务器。并且需要配置好域名。其对应关系如下:
主机名称 对应IP 部署服务
node1.yinzhengjie.com 192.168.105/24 http
node2.yinzhengjie.com 192.168.1.110/24 nginx,mysql
node3.yinzhengjie.com 192.168.1.115/24 mysql
node4.yinzhengjie.com 192.168.1.200/24 ansible 
 [root@yinzhengjie ~]# ifconfig |grep addr | head -|tail - |cut -d ":" -f  | awk '{print $1}'

 192.168.1.200

 [root@yinzhengjie ~]# more /etc/hosts | grep yinzhengjie

 192.168.1.105   node1.yinzhengjie.com

 192.168.1.110   node2.yinzhengjie.com

 192.168.1.115   node3.yinzhengjie.com

 192.168.1.200   node4.yinzhengjie.com

 [root@yinzhengjie ~]#
三.安装ansible
1.下载安装包(RPM包搜索站点:https://pkgs.org/
 [root@yinzhengjie ~]# wget http://dl.fedoraproject.org/pub/epel/6/x86_64//ansible-2.3.2.0-1.el6.noarch.rpm

 [root@yinzhengjie ~]# rpm -qpi ansible-2.3.2.0-.el6.noarch.rpm
2.yum安装即可(它可以自动解决依赖关系)
  [root@yinzhengjie ~]# yum -y install ansible-2.3.2.0-.el6.noarch.rpm 
3.查看安装完毕后生产了哪些文件
 [root@yinzhengjie ~]#  rpm -qal ansible |wc -l

                         ------------->由于文件行数过多,此处我就不列出了

 [root@yinzhengjie ~]#
4.修改配置文件
 [root@yinzhengjie ~]# cd /etc/ansible/

 [root@yinzhengjie ansible]# more hosts |tail -

 #Add by yinzhengjie

 [webservers]

 node1.yinzhengjie.com

 node2.yinzhengjie.com

 [dbservers]

 node2.yinzhengjie.com

 node3.yinzhengjie.com

 [root@yinzhengjie ansible]#
 
5.配置无秘钥登录证书
a>..生成证书
 [root@yinzhengjie ~]# cd

 [root@yinzhengjie ~]# ssh-keygen -t rsa -P ''

 Generating public/private rsa key pair.

 Enter file in which to save the key (/root/.ssh/id_rsa):

 /root/.ssh/id_rsa already exists.

 Overwrite (y/n)? y

 Your identification has been saved in /root/.ssh/id_rsa.

 Your public key has been saved in /root/.ssh/id_rsa.pub.

 The key fingerprint is:

 ::9e:::6b::::7a:7e::c8::af: root@yinzhengjie

 The key's randomart image is:

 +--[ RSA ]----+

 |      .o+oo.=+  .|

 |       +o. +. oo.|

 |      ..o....E.o.|

 |       oo. .o.o  |

 |      . S. . o   |

 |          .      |

 |                 |

 |                 |

 |                 |

 +-----------------+

 [root@yinzhengjie ~]#
b>.将公钥拷贝到其他的服务器上去
 [root@yinzhengjie ~]# ssh-copy-id -i .ssh/id_rsa.pub root@node1.yinzhengjie.com

 The authenticity of host 'node1.yinzhengjie.com (192.168.1.105)' can't be established.

 RSA key fingerprint is ::2b:::::::c1:be:e3:ba:::.

 Are you sure you want to continue connecting (yes/no)? yes

 Warning: Permanently added 'node1.yinzhengjie.com' (RSA) to the list of known hosts.

 root@node1.yinzhengjie.com's password:

 Now try logging into the machine, with "ssh 'root@node1.yinzhengjie.com'", and check in:

   .ssh/authorized_keys

 to make sure we haven't added extra keys that you weren't expecting.

 [root@yinzhengjie ~]#

 [root@yinzhengjie ~]# ssh-copy-id -i .ssh/id_rsa.pub root@node2.yinzhengjie.com

 The authenticity of host 'node2.yinzhengjie.com (192.168.1.110)' can't be established.

 RSA key fingerprint is ::0a:6e::e9:::e5:c8:3f:b3:1d:::8e.

 Are you sure you want to continue connecting (yes/no)? yes

 Warning: Permanently added 'node2.yinzhengjie.com,192.168.1.110' (RSA) to the list of known hosts.

 root@node2.yinzhengjie.com's password:

 Now try logging into the machine, with "ssh 'root@node2.yinzhengjie.com'", and check in:

   .ssh/authorized_keys

 to make sure we haven't added extra keys that you weren't expecting.

 [root@yinzhengjie ~]#

 [root@yinzhengjie ~]# ssh-copy-id -i .ssh/id_rsa.pub root@node3.yinzhengjie.com

 The authenticity of host 'node3.yinzhengjie.com (192.168.1.115)' can't be established.

 RSA key fingerprint is :a4:bf:f7:b7::e7:e6:ce::bb:8f:e7:d8:e5:.

 Are you sure you want to continue connecting (yes/no)? yes

 Warning: Permanently added 'node3.yinzhengjie.com,192.168.1.115' (RSA) to the list of known hosts.

 root@node3.yinzhengjie.com's password:

 Now try logging into the machine, with "ssh 'root@node3.yinzhengjie.com'", and check in:

   .ssh/authorized_keys

 to make sure we haven't added extra keys that you weren't expecting.

 [root@yinzhengjie ~]#
 
c>.验证是否配置成功
 [root@yinzhengjie ~]# ssh node1.yinzhengjie.com

 Last login: Fri Oct  ::  from 192.168.1.161

 [root@yinzhengjie ~]# ifconfig |grep addr | head -|tail - |cut -d ":" -f  | awk '{print $1}'

 192.168.1.105

 [root@yinzhengjie ~]# logout

 Connection to node1.yinzhengjie.com closed.

 [root@yinzhengjie ~]#

 [root@yinzhengjie ~]#

 [root@yinzhengjie ~]# ifconfig |grep addr | head -|tail - |cut -d ":" -f  | awk '{print $1}'

 192.168.1.200

 [root@yinzhengjie ~]#
四.ansible简单应用
1.检查所有定义的主机是否在线
 [root@yinzhengjie ~]# ansible all -m ping

 node3.yinzhengjie.com | SUCCESS => {

     "changed": false,

     "ping": "pong"

 }

 node2.yinzhengjie.com | SUCCESS => {

     "changed": false,

     "ping": "pong"

 }

 node1.yinzhengjie.com | SUCCESS => {

     "changed": false,

     "ping": "pong"

 }

 [root@yinzhengjie ~]#
2.查看所有定义的主机的时间
 [root@yinzhengjie ~]# ansible all -m command -a 'date'

 node3.yinzhengjie.com | SUCCESS | rc= >>

 Fri Oct  :: PDT

 node2.yinzhengjie.com | SUCCESS | rc= >>

 Fri Oct  :: PDT

 node1.yinzhengjie.com | SUCCESS | rc= >>

 Fri Oct  :: PDT

 [root@yinzhengjie ~]#

 [root@yinzhengjie ~]#

 [root@yinzhengjie ~]# ansible all -a 'date'

 node3.yinzhengjie.com | SUCCESS | rc= >>

 Fri Oct  :: PDT

 node1.yinzhengjie.com | SUCCESS | rc= >>

 Fri Oct  :: PDT

 node2.yinzhengjie.com | SUCCESS | rc= >>

 Fri Oct  :: PDT

 [root@yinzhengjie ~]#
3.检查所有定义的主机的http服务是否正常
 [root@yinzhengjie ~]# ansible all -m command -a 'service httpd status'

  [WARNING]: Consider using service module rather than running service

 node1.yinzhengjie.com | SUCCESS | rc= >>

 httpd (pid  ) is running...

 node3.yinzhengjie.com | FAILED | rc= >>

 httpd is stopped

 node2.yinzhengjie.com | FAILED | rc= >>

 httpd is stopped

 [root@yinzhengjie ~]#
4.拷贝本地文件到定义的服务器群组
 [root@yinzhengjie ~]# ansible dbservers -m copy -a "src=/root/ansible-2.3.2.0-1.el6.noarch.rpm dest=/tmp/"

 node3.yinzhengjie.com | SUCCESS => {

     "changed": true,

     "checksum": "fb5559c1d886fdc5f4f553a44372cc0230189362",

     "dest": "/tmp/ansible-2.3.2.0-1.el6.noarch.rpm",

     "gid": ,

     "group": "root",

     "md5sum": "8388f98019479244b5098e5e23941da7",

     "mode": "",

     "owner": "root",

     "secontext": "unconfined_u:object_r:admin_home_t:s0",

     "size": ,

     "src": "/root/.ansible/tmp/ansible-tmp-1507900705.1-53916243211948/source",

     "state": "file",

     "uid":

 }

 node2.yinzhengjie.com | SUCCESS => {

     "changed": true,

     "checksum": "fb5559c1d886fdc5f4f553a44372cc0230189362",

     "dest": "/tmp/ansible-2.3.2.0-1.el6.noarch.rpm",

     "gid": ,

     "group": "root",

     "md5sum": "8388f98019479244b5098e5e23941da7",

     "mode": "",

     "owner": "root",

     "secontext": "unconfined_u:object_r:admin_home_t:s0",

     "size": ,

     "src": "/root/.ansible/tmp/ansible-tmp-1507900705.18-246525313248421/source",

     "state": "file",

     "uid":

 }

 [root@yinzhengjie ~]#

 [root@yinzhengjie ~]#

 [root@yinzhengjie ~]# ansible dbservers -a "ls /tmp"

 node3.yinzhengjie.com | SUCCESS | rc= >>

 ansible-2.3.2.0-.el6.noarch.rpm

 ansible_46ihbB

 keyring-Dp3ZRf

 ks-script-VsmDKH

 ks-script-VsmDKH.log

 orbit-gdm

 orbit-root

 pulse-qotd3GsczqPx

 pulse-sxkC9wDU7bP6

 vgauthsvclog.txt.

 virtual-root.mMq8ds

 vmware-config0

 VMwareDnD

 vmware-root

 yum.log

 node2.yinzhengjie.com | SUCCESS | rc= >>

 ansible-2.3.2.0-.el6.noarch.rpm

 ansible_KZ8J1M

 keyring-pUri5c

 orbit-gdm

 orbit-root

 pulse-UgBUKbuMXzGR

 [root@yinzhengjie ~]#
5.定义周期计划任务的模块
 [root@yinzhengjie ~]# ansible all -m cron -a 'name="yinzhengjie is good boy" minute=*/3 hour=* day=* month=* weekday=* job="/usr/sbin/ntpdate 1.cn.pool.ntp.org"'

 node3.yinzhengjie.com | SUCCESS => {

     "changed": true,

     "envs": [],

     "jobs": [

         "yinzhengjie is good boy"

     ]

 }

 node2.yinzhengjie.com | SUCCESS => {

     "changed": true,

     "envs": [],

     "jobs": [

         "yinzhengjie is good boy"

     ]

 }

 node1.yinzhengjie.com | SUCCESS => {

     "changed": true,

     "envs": [],

     "jobs": [

         "yinzhengjie is good boy"

     ]

 }

 [root@yinzhengjie ~]#

 [root@yinzhengjie ~]# ansible all -a "crontab -l"

 node2.yinzhengjie.com | SUCCESS | rc= >>

 #Ansible: yinzhengjie is good boy

 */ * * * * /usr/sbin/ntpdate .cn.pool.ntp.org

 node3.yinzhengjie.com | SUCCESS | rc= >>

 #Ansible: yinzhengjie is good boy

 */ * * * * /usr/sbin/ntpdate .cn.pool.ntp.org

 node1.yinzhengjie.com | SUCCESS | rc= >>

 #Ansible: yinzhengjie is good boy

 */ * * * * /usr/sbin/ntpdate .cn.pool.ntp.org

 [root@yinzhengjie ~]#
 
6.给所有定义的主机创建组
 [root@yinzhengjie ~]# ansible all -m group -a "gid=306 system=yes name=yinzhengjie520"

 node1.yinzhengjie.com | SUCCESS => {

     "changed": true,

     "gid": ,

     "name": "yinzhengjie520",

     "state": "present",

     "system": true

 }

 node2.yinzhengjie.com | SUCCESS => {

     "changed": true,

     "gid": ,

     "name": "yinzhengjie520",

     "state": "present",

     "system": true

 }

 node3.yinzhengjie.com | SUCCESS => {

     "changed": true,

     "gid": ,

     "name": "yinzhengjie520",

     "state": "present",

     "system": true

 }

 [root@yinzhengjie ~]#

 [root@yinzhengjie ~]# ansible all -a "tail -1 /etc/group"

 node3.yinzhengjie.com | SUCCESS | rc= >>

 yinzhengjie520:x::

 node1.yinzhengjie.com | SUCCESS | rc= >>

 yinzhengjie520:x::

 node2.yinzhengjie.com | SUCCESS | rc= >>

 yinzhengjie520:x::

 [root@yinzhengjie ~]#
 
五.ansible模块
  关于ping,date等一些命令其实都是ansible所对应的模块,因此,我们熟悉它的常用模块(ansible支持上千多个模块)还是很有必要的。用下面的命令就可以查看其支持的模块的使用方式。
1.查看ansible支持的模块个数
[root@yinzhengjie ~]# ansible-doc -l | wc -l
1039
[root@yinzhengjie ~]#
2.查看ansible对某个模块的帮助
[root@yinzhengjie ~]# ansible-doc -s copy
3.指点迷津
  想要学好ansible这个开源工具,需要熟练掌握YAML,palybook,corosync集群,crmch和pcs的使用方式。生产环境中我用不到这些。我用ansible就是因为生产环境中有50台服务器需要安装zabbix_agent服务器。听朋友介绍这个软件好使,就来研究一下。我的思路就是用ansible命令来管理所有主机,当然我会把shell安装脚本分发到各个服务器上去。帮我执行任务即可。
 
 
 

ansible指路篇-安装及基本命令使用的更多相关文章

  1. Ansible第一篇:介绍及安装

    Ansible介绍 Ansible是个什么东西呢?官方的title是"Ansible is Simple IT Automation"--简单的自动化IT工具.ansible基于P ...

  2. python Django教程 之 安装、基本命令、视图与网站

    python  Django教程  之 安装.基本命令.视图与网站 一.简介 Django 中提供了开发网站经常用到的模块,常见的代码都为你写好了,通过减少重复的代码,Django 使你能够专注于 w ...

  3. 自动化运维工具之 Ansible 介绍及安装使用

    一.初识Ansible 介绍: Absible 使用 模块(Modules)来定义配置任务.模块可以用标准脚本语言(Python,Bash,Ruby,等等)编写,这是一个很好的做法,使每个模块幂等.A ...

  4. 【OpenCV入门指南】第一篇 安装OpenCV

    http://blog.csdn.net/morewindows/article/details/8225783/ win10下vs2015配置Opencv3.1.0过程详解(转) http://ww ...

  5. ansible自动化工具安装和简单使用

    ansible自动化工具安装和简单使用 1.安装 ansible依赖于Python 2.6或更高的版本.paramiko.PyYAML及Jinja2. 2.1 编译安装 解决依赖关系 # yum -y ...

  6. ansible示例,离线安装etcd

    一.基础介绍 ========================================================================================== 1. ...

  7. Ansible介绍及安装部署

    本节内容: 运维工具 Ansible特性 Ansible架构图和核心组件 安装Ansible 演示使用示例 一.运维工具 作为一个Linux运维人员,需要了解大量的运维工具,并熟知这些工具的差异,能够 ...

  8. ansible介绍和安装

    ansible是由 Python 编写的强大的配置管理解决方案,ansible 的特点就在于它的简洁与高效率 ansible与其他的配置管理工具不同点在于:不需要你在想要配置的每个节点上安装自己的组件 ...

  9. ansible入门一(Ansible介绍及安装部署)

    本节内容: 运维工具 Ansible特性 Ansible架构图和核心组件 安装Ansible 演示使用示例 一.运维工具 作为一个Linux运维人员,需要了解大量的运维工具,并熟知这些工具的差异,能够 ...

随机推荐

  1. 第三个spring冲刺第2天

    今天我们有了计时功能的实现,并且在考虑如何使得计时器美观好看达到我们的要求,对此我们换了不同的背景,时钟框,效果还有待查看.

  2. Daily Scrum - 12/15-21

    Meeting Minutes 没有什么实质性进展: 添加/完成了一个新feature,即使用非线性的函数作为速度条的设定: 等待与travis开会,讨论下一步的feature = =: 阅读code ...

  3. The Contest CodeForces - 813A (思维)

    Pasha is participating in a contest on one well-known website. This time he wants to win the contest ...

  4. vue props 用法(转载)

    前面的话 组件接受的选项大部分与Vue实例一样,而选项props是组件中非常重要的一个选项.在 Vue 中,父子组件的关系可以总结为 props down, events up.父组件通过 props ...

  5. zip 与 unzip的简单使用

    先看help Copyright (c) - Info-ZIP - Type 'zip "-L"' for software license. Zip ). Usage: zip ...

  6. Qt_颜色选择对话框(QColorDialog)

    转自豆子空间 使用QColorDialog也很简单,Qt提供了getColor()函数,类似于QFileDialog的getOpenFileName(),可以直接获得选择的颜色. include &l ...

  7. 转《ionic生命周期》

    1.认识ionic的生命周期钩子 截至ionic 3.8.0版本,框架提供了8个钩子函数,它们分别会在页面生命周期的各个阶段被触发,我们来简单了解一下. 1.1 ionViewDidLoad 页面加载 ...

  8. PSP(4.27——5.3)以及周记录

    1.PSP 4.27 11:40 18:10 125 265 Cordova A Y min 4.28 10:00 16:50 200 210 Cordova A Y min 4.29 15:30 2 ...

  9. 关于mybatis的@Param注解和参数

    1,使用@Param注解 当以下面的方式进行写SQL语句时: @Select("select column from table where userid = #{userid} " ...

  10. 关于pycharm的debugger配置问题(包含启用py.test测试)

    今天才发现了一个刷新三观的问题.那就是 pycharm的底层集成的debugger功能其实是依赖于几个测试框架.. 现在由于要写基于pytest的测试,但是如果到zsh里面去跑命令,明显是效率很低下的 ...